2023-09-12 03:30:01 +02:00
|
|
|
---
|
|
|
|
- name: Setup VPN Meshnetwork
|
|
|
|
hosts: all
|
|
|
|
become: true
|
|
|
|
become_user: root
|
|
|
|
gather_facts: true
|
|
|
|
vars:
|
|
|
|
nodes: "{{ groups['all'] }}"
|
|
|
|
tasks:
|
|
|
|
- name: Generate Keymaterial
|
|
|
|
become: true
|
|
|
|
block:
|
|
|
|
- name: Generate Private Key
|
|
|
|
ansible.builtin.shell:
|
|
|
|
executable: /bin/bash
|
|
|
|
cmd: |
|
|
|
|
set -o pipefail
|
|
|
|
wg genkey | tee /etc/wireguard/privatekey
|
|
|
|
creates: /etc/wireguard/privatekey
|
|
|
|
- name: Register Private Key
|
|
|
|
ansible.builtin.slurp:
|
|
|
|
src: /etc/wireguard/privatekey
|
|
|
|
register: private_key_b64
|
|
|
|
changed_when: false
|
|
|
|
- name: Register Public Key
|
|
|
|
ansible.builtin.shell:
|
|
|
|
executable: /bin/bash
|
|
|
|
cmd: |
|
|
|
|
set -o pipefail
|
|
|
|
cat /etc/wireguard/privatekey | wg pubkey
|
|
|
|
register: public_key
|
|
|
|
changed_when: false
|
|
|
|
- name: Set facts
|
|
|
|
ansible.builtin.set_fact:
|
|
|
|
wg_private_key: "{{ private_key_b64.content | b64decode }}"
|
|
|
|
wg_public_key: "{{ public_key.stdout }}"
|
|
|
|
- name: Deploy Config
|
|
|
|
ansible.builtin.template:
|
|
|
|
src: wg_infra.conf.j2
|
|
|
|
dest: /etc/wireguard/wg_infra.conf
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 0600
|
|
|
|
notify:
|
|
|
|
- Restart wireguard
|
|
|
|
- name: Enable systemd service
|
|
|
|
ansible.builtin.systemd:
|
|
|
|
name: wg-quick@wg_infra
|
|
|
|
enabled: true
|
2023-09-13 05:10:01 +02:00
|
|
|
- name: Setup /etc/hosts
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
path: /etc/hosts
|
|
|
|
regexp: "^{{ item }}\\s"
|
|
|
|
line: "{{ hostvars[item]['wg_addr'] | mandatory }} {{ item }}"
|
|
|
|
state: present
|
|
|
|
loop: "{{ nodes }}"
|
|
|
|
when: item != inventory_hostname
|
2023-09-12 03:30:01 +02:00
|
|
|
|
|
|
|
handlers:
|
|
|
|
- name: Restart wireguard
|
|
|
|
ansible.builtin.systemd:
|
|
|
|
name: wg-quick@wg_infra
|
|
|
|
state: restarted
|
|
|
|
|
|
|
|
# vim: ft=yaml.ansible
|